Open5GS UDP Packet ogs-tlv-msg.c denial of service
CVE-2022-3354

3.5LOW

Key Information:

Vendor: Unspecified
Status: Open5gs
Vendor: CVE Published:; 28 September 2022

🔔 Create Unspecified Vulnerability Alert

What is CVE-2022-3354?

A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability.

Affected Version(s)

Open5GS 2.4.0

Open5GS 2.4.1

Open5GS 2.4.2

References

https://github.com/open5gs/open5gs/issues/1767

x_refsource_MISC

https://vuldb.com/?id.209686

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 28, 2022
Vulnerability Reserved
Sep 28, 2022

Credit

Pablo Valle Alvear